Feds Finally Realize That AT&T Has Been Enabling Scammers To Abuse IP Fraud... Financed By Taxpayers

from the took-'em-long-enough dept

We first wrote about IP Relay fraud all the way back in 2004, when it was pointed out that a huge percentage of calls using this system were fraudulent, and the telcos were doing nothing to stop it, because they were profiting at the taxpayer's expense. If you're unfamiliar with the system, IP Relay has a good intention: to help hearing impaired people communicate -- allowing them to send text-based messages to phone numbers, which are then read by operators. In order to fund this service, the FCC pays telcos an astounding $1.50 per minute on such calls. Scammers, however, quickly realized that this was a way to make free, almost totally anonymous, calls. And the telcos had every incentive to encourage any usage, scammy or not, since it meant they got paid (from taxpayers).

The fact that all of this was obvious eight years ago but it was only just now that feds decided to sue AT&T for abusing the system is pretty incredible. To be fair, the FCC passed rules in 2008 that required telcos try to register users to verify who they were (to take away some of the anonymity of the system). The key issue with this lawsuit is the claim that AT&T intentionally implemented an authentication system that wouldn't work. In other words, it purposely scammed taxpayers out of a ton of money:

The United States alleges that AT&T violated the False Claims Act by facilitating and seeking federal payment for IP Relay calls by international callers who were ineligible for the service and sought to use it for fraudulent purposes. The complaint alleges that, out of fears that fraudulent call volume would drop after the registration deadline, AT&T knowingly adopted a non-compliant registration system that did not verify whether the user was located within the United States. The complaint further contends that AT&T continued to employ this system even with the knowledge that it facilitated use of IP Relay by fraudulent foreign callers, which accounted for up to 95 percent of AT&T’s call volume. The government’s complaint alleges that AT&T improperly billed the TRS Fund for reimbursement of these calls and received millions of dollars in federal payments as a result.

As Karl Bode at Broadband Reports notes, if you start doing the math, the claim that this is about "millions of dollars" may be a "severe under-estimate." We're talking about 95% of all of these calls, done for many years, being fraudulent, with AT&T having no incentive to cut them out, and scammers having tremendous incentive to use the service as well. Again, all of this done with taxpayers footing the bill. While AT&T definitely deserves scorn for allegedly purposely choosing to set up a bogus registration system, a ton of blame has to go to the government for letting all of this happen for so damn long, and not recognizing just how much AT&T was fleecing taxpayers for under the system (not to mention all of the scams this probably helped enable).

So you are saying that AT&T should monitor all of the traffic from these calls and determine if it is legitimate or not? You claim that internet services can't do this same thing (you claim that it is impossible for web sites to scrutinize every upload). Yet now you expect AT&T to scrutinize every transaction of this type. The old double-standard is alive an well right here on TechDirt.

Re:

Wow way to miss the point. AT&T was told by the government they needed to have a system in place to make sure the callers were in the united states. AT&T decide they would implement a lax system for it so they could keep getting the money. How hard could it have been to make sure the phone number the text message came from was a US number? They can keep track of everyone of their subscribers byte usage but they refused to do something so easy as have the party register. They then continued to lie about it and receive money. This is different from an ISP in that AT&T call centers were handling the relay.

Re: Re:

It's possible to within an acceptable amount of accuracy. Ban all connections except for those within the USA. Require a US-Based telephone number to register. Better yet, call that number and verify data.

All of these things are already done, there is already software to do it ... and AT&T has it all at their disposal.

Re: Re: Re:

Re: Re:

Strawmen? Are you saying that fraud calls via the AT&T relay - financed by my taxes - is not a problem? My business has received -dozens- of relay calls. we finally stopped accepting relay calls and simply told the operator to provide our e-mail address to the caller. Article didn't mention where these scammers are from: Nigeria, Ghana, etc. Western Africa. The epicenter of scam.

Re: Re: Re:

Re: Re: TrollHard 2: Virgin Lust

I think I'll give that a go... )Ahem:

AT&T was acting in good faith, taking people words when they claimed they were calling from the US. Now, despite their putting in place a verification system--like the FCC mandated--they're still on the hook for billions of dollars? Why isn't the FCC suing the inept developers who made AT&T's verification system?!?

Imagine if we did this to every big corporation with slipshod QA!!! We wouldn't have any big businesses left--and that would be tragic, since there's no innovation and no small businesses starting up in the US anymore.

Next time, you think hard before indemnifying big corporations--because they're the future.(and scene! ... hold for applause)

Re: Re: Re: Re: TrollHard 2: Virgin Lust

Given how ineffective the current 'oversight and regulation' seems to be, I'd say you'd get much better results if the current oversight and regulation was actually enforced, rather than just ignored or only applied often enough to attempt to give the illusion of actually being enforced.

Re: Re:

Funny, I think ALL of Mike's posts are Troll-tag worthy. And the TechDirt fan club can be called the Troll dolls. If you can't see the hypocrisy of his claims that AT&T should be monitoring the traffic while in his previous posts he claims it's impossible for websites to monitor their users you are to far gone for salvation - you're simply lost to the FREEks.

Re: Re: Re:

AT&T is not monitoring the calls. They are determining the phone number from where the calls originate.

Websites already do this. It's called the client IP address.

Now, here's the $64,000 point that you keep ignoring: A phone number that is using this service can be determined to be legal, or illegal, simply by virtue of where the phone number is located. i.e. the call origination is the *only* bit of info you need. A file being uploaded from an IP address may be illegal, or it may be fair use, or it may be from an authorized source. i.e., the IP address is *not* sufficient info to determine the legality of the upload.

Therefore, Mike's positions are not at all inconsistent.

Any questions? Of course not. You'll probably ignore this post thinking that I'm just one of Mike's cheerleaders.

Re: Re: Re: Re:

Hmm, interesting. How does that work? Are you saying that all legitimate users should have to register their number, and all other numbers be considered illegal? I suppose that could work fairly easily.

Re: Re: Re: Re: Re:

As long as there are no increased fees for the remaining legit users, that would be fine. After all, I can't expect to use an email address without registering for one, and it's not really obstructive to do so.

Re: Re: Re: Re: Re:

Re: Re: Re: Re: Re: Re:

So that takes care of overseas scammers, but that's only a portion. When I worked at an computer repair/sales company, we had countless calls like this, all wanting to place orders for a whole bunch of computers to be sent to US addresses. Doubtful we're talking about an overseas scam there. More likely they're just using a stolen credit card.

Re: Re: Re:

I'm not sure where Mike stands, but the issue here to me isn't that AT&T should be monitoring the calls. That would be wrong, even if they could do it. My problem is the asinine rates that the government is paying for a service that is used primarily for scammers.

There have got to be better alternatives that don't cost taxpayers $1.50 per minute.

Re: Re: Re:

Everyone of these calls were READ ALOUD BY A HUMAN BEING. A human being with the powers of deductive reasoning to determine if a call was likely to be fraudulent or not. On what warped plain of existence do you think that qualifies as being the same as attempting to monitor the sheer VOLUMES of traffic that pass through their switches from their internet service customers accounts?

Re: Re: Re: Re:

And on what planet should we expect call center employees to have full knowledge of all applicable laws? In fact, I know one of those human beings, and they are not to pass any judgment whatsoever on the content. They are to act, effectively, as a machine, but with human expression. They cannot discriminate based on anything. That's the law. The lady I know said that the most humiliating thing she had to do was mediate conversations with phone sex lines...and the law said she had to use proper emphasis.

As much as I generally can't stand the AC trolls here, they have a point. Mike does seem to have a bit of a double standard here. Should the service be a "dumb pipe" type of service, or should it be monitored? The laws governing it all force it to be a dumb pipe, so how are they supposed to resolve it? Perhaps the registered phone numbers works, but it sure creates a much larger hurdle for those who actually need it. Then again, handicapped parking tags are difficult to get, too, and for good reason.

This is a bit of a sticky one, and I am not sure what the right thing is here.

Re: Re: Re: Re: Re:

I was merely commenting on the dynamics of practicality for filtering illegal usage versus legal usage when the gateway is human interaction compared to something like data flow through provider switches. I was in no way advocating content based censorship.

Re: Re: Re:

The logical faculty weak in this one is.

You're either a)trolling b)stupid c)lying or some combination thereof.

AT&T was NOT being asked to "monitor the content of phone calls" which you then bogusly conflate with ISPs monitoring the content of internet browsing. Nothing remotely similar to what you state, but you then rush off, trailing straw, to make a completely invalid point. Not impressive.

AT&T were simply being asked to confirm that the people trying to use the (very profitable) relay-call system were US-based. Easy to do, but when they were ordered by the gov't to do it, they somehow were unable to figure out how to do it. So the revenue stream of tax dollars continued, and this is no more or less than fraud.

Your lecturing, condescending tone is made even more offensive by the fact that you are, as stated, trolling, stupid or lying. An ugly thought process in there regardless, and I'm guessing the rationalization involves a paycheck amirite?

Re: Re: Re:

Websites Can and do monitor their traffic sources. Seeing visits from geographical locations is simple, easy and free. Likewise, AT&T Can easily ascertain geographic location of any number that connects thru its services, whether that connection be landline, digital, or wireless.

Compare a corporate international scam operation that steals cash money to a website that has a copywrited photo on it distributing it free to anyone who wants to save it to their desktop (piracy). Why is it ok for powerful rich corporations to steal, but when someone looks at a picture for free they are the criminal? It's perverse.

Re:

I can spin this for that.
This article proves that we need a smaller government that does not give money to corporations. Screw the disabled, it is their fault they are that way because of their or their parents actions.

Re:

What we see here IS THE DIRECT RESULT OF "GOVERNMENTAL OVERSIGHT AND REGULATION", YA MAROON.

Jebus. WHAT, in this story, suggests MORE of would be better?? AT&T flat out refused to correct a well-intended amendment to the "free relay calls for deafies" giveaway, and they were allowed to do so DESPITE your so-desirable "governmental oversight and regulation" because the political actors involved were paid off with campaign support and donations.

Giving the government more of any power only allows them to sell their services off more. The libertarians you so lamely mock in your post would say, "Do away with the giveaway in the first place." Sure, it's only tens or hundreds of millions of taxpayer dollars wasted (or should I say "unfairly siphoned into the coffers of an existing Big Corp"?), but add up enough similar frauds and waste and you're talking about generations of Americans paying off the debt from your beloved oversight and regulation.

Re:

Why does everyone always want opt-out systems?

Why don't we make them all opt-in instead?

The default position should be unless I contact you and say by all means bother me at all hours and take money from me... you can't. Stop lying and telling me its for my convenience, I know your lying because you've never had to fight with your staff to stop these scams your raking money in with.

Relay calls only come after the scam artist tries ordering off our website and the card is declined or flagged as fraud by lp. Then they call to see if they can get their order past a human. Most of the time, the relay operator is told to ask the scam artist for full name as it appears on the credit card, billing address, city/state/zip, 2 valid phone numbers, credit card #, expiration date, and 3 digit security code. Scam artist can't provide the information and they drop the line.

trollicuffs

To submit your soul to the troll and lock in verbose mortal combat until the point looks like the proverbial flogged dead horse.

Not referring to anything that transpired here, the idea just came over me seeing the name trollificus. You never know what will spark inspiration. Long live the free exchange of ideas, information, and debate.

A T & T benefits from scam

On April 20, 2012, I was contacted by someone who claimed to be an A T & T employee who suggested that I should extend my contract for two more years for a cash credit of $100 to be put into my account. I have been careful not to provide her with my pin or password to make sure she was legitimate. She indeed was able to demonstrate to me that she has access to my account including the fact that I have two phone accounts and that my wife’s contract ends in certain date and my account is eligible for extension now. She explained that when I extend the contract the system will automatically mail me a new phone. In order to get the $100 credit to my account, I am supposed to mail the phone back to the central office of ATT in Maryland at “186 GOLD KETTLE DR GAITHERSBURG, MD 20878, attn: KEVIN”. In the whole process I never revealed my password or pin.
As it turned out, ATT said it was a scam. I did not get the $100 credit, but my contract has been extended for two years. ATT refused to look into why people can access their system and commit fraud to benefit ATT. My contract is now locked for two more years, and they are happy. Of course ATT would refuse to take any action to track the one who committed fraud. They are hoping more people will commit fraud on their behalf so that they can get contracts extended.